Vulnerability Management (VM)

Vulnerability management (VM) is the process of identifying, categorizing, and remediating security vulnerabilities to proactively defend against threats. All vulnerability management should begin by identifying all of the assets within an IT ecosystem before attempting to test for vulnerabilities, or organizations may end up with significant blind spots. Unfortunately, the true extent of an organization’s attack surface is not identified by legacy security tools and processes, such as vulnerability scanners and penetration tests, yet many organizations operate as if that were the case. These legacy security tools do not have the means to identify previously unknown assets.